DEPARTMENT OF HOMELAND SECURITY
Office of Inspector General

Review of Allegations Regarding San Francisco International Airport

Office of Audits

OIG-07-04    October 2006

Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528

October 26, 2006

Preface

The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978. This is one of a series of audit, inspection, and special reports prepared as part of our oversight responsibility to promote economy, efficiency, and effectiveness within the department.

This report assesses how security incidents have been identified and reported at San Francisco International Airport (SFO) and whether those procedures are consistent with Transportation Security Administration (TSA) policy. It also assesses whether and to what extent covert security testing was compromised at SFO. The report is based on interviews with employees and officials of relevant agencies and corporations and a review of applicable documents.

The recommendations contained in this report have been developed to the best knowledge available to us, and have been discussed in draft with appropriate management officials. It is our hope that this report will result in more effective, efficient, and economical operations.
We express our appreciation to all of those who contributed to the preparation of this report.

Richard L. Skinner
Inspector General

Table of Contents/Abbreviations

Executive Summary
Background
Results of Review
    SFO Management Generally Complied With TSA Procedures When Identifying and Reporting Security Incidents
    Recommendation
    Management Comments and OIG Analysis
    Covert Security Testing at SFO Was Compromised
    Recommendation
    Management Comments and OIG Analysis

Appendices
    Appendix A: Purpose, Scope, and Methodology
    Appendix B: Management Comments to the Draft Report
    Appendix C: Chronology of Events
    Appendix D: Major Contributors to this Report
    Appendix E: Report Distribution

Abbreviations
    AFSD     Assistant Federal Security Director
    ATO      Airport Task Order
    ATSA     Aviation and Transportation Security Act
    AVO      Aviation Operations Directives
    BOA      Basic Ordering Agreement
    CAS      Covenant Aviation Security
    DFSD     Deputy Federal Security Director
    DHS      Department of Homeland Security
    FSD      Federal Security Director
    OIAPR    Office of Internal Affairs and Program Review
    OIG      Office of Inspector General
    PP5      Private Screening Pilot Program
    PARIS    Performance and Results Information System
    PMIS     Performance Measurement Information System
    SCC      Screening Control Center
    SFO      San Francisco International Airport
    SPP      Screening Partnership Program
    TIP      Threat Image Projection
    TSA      Transportation Security Administration
    TSOC     Transportation Security Operations Center

Executive Summary

This report
presents the results of our review of allegations that Transportation Security Administration (TSA) officials at San Francisco International Airport (SFO) covered up known security breaches at SFO and compromised Office of Inspector General (OIG) covert security testing. We conducted this review at the request of TSA management, as a result of preliminary findings by TSA’s Office of Internal Affairs and Program Review (OIAPR). Our objectives were to determine (1) whether TSA management at SFO complied with TSA policy and procedures for identifying and reporting security incidents; and (2) whether and to what extent covert security testing has been compromised at SFO and if so, who was responsible for those actions.

Generally, SFO management complied with TSA policy and procedures when identifying and reporting security incidents. However, we identified one uncontrolled security incident, in which SFO failed to report in TSA’s Performance and Results Information System (PARIS). Although TSA management at SFO could not explain why the incident was not reported, we identified no evidence that management acted intentionally to cover up or misreport security incidents. We confirmed the allegation that TSA and Covenant Aviation Security (CAS) officials at SFO compromised OIG covert security testing between August 2003 and May 2004 by tracking testers throughout the airport via surveillance cameras and on foot, and then notifying screening personnel in advance of testers arriving at checkpoints.
In May 2004, CAS management, along with TSA management at SFO, issued directives that all compromising activity surrounding covert security testing was to stop. We referred the matter of TSA’s involvement in compromising covert security testing to our Office of Investigation.

We are recommending that TSA direct the Federal Security Director (FSD) at SFO to ensure that appropriate members of his staff are trained in and have a thorough knowledge of the guidelines for reporting security incidents to TSA headquarters through PARIS and the Transportation Security Operations Center (TSOC). Also, we recommend that TSA establish and promulgate policy to regulate its actions in response to authorized covert security testing of checkpoints. TSA concurred with one recommendation; partially concurred with the other, and has taken actions to resolve both.

Background

On November 19, 2001, the President signed the Aviation and Transportation Security Act (ATSA) that created TSA. ATSA, in part, required TSA to implement a two-year private security screening pilot program. On October 11, 2002, TSA awarded CAS a contract to provide security screening at SFO.

In November 2004, a CAS security screener at SFO sent a letter containing various allegations to CAS and TSA management.
In January 2005, TSA’s OIAPR investigated six allegations and determined that two of them had some merit. Specifically, (1) TSA officials were covering up known security breaches at SFO by classifying “serious breaches” as “mere incidents;” and (2) TSA and CAS officials were compromising OIG and OIAPR covert security tests by broadcasting tester descriptions and methodologies to all screening areas.

In February 2005, TSA management recommended that, due to the critical nature of OIAPR’s investigation results, the allegations be referred to the OIG for review. As a result, OIAPR transferred all relevant working papers and statements collected during the course of its review to the OIG’s Office of Audits.

TSA’s AVO 400.18.1-1B: Reporting Security Incidents directs Federal Security Directors (FSDs) or their designees to report all security incidents, as defined within this directive, that occur at their airports. These reports are to be submitted to TSA headquarters through PARIS.[1] To ensure that consistent, accurate, and timely information is reported, each FSD is directed to instruct the appropriate staff members to collect the information required under this AVO.
The FSD or his/her designee is directed to review and approve each report within 24 hours and submit it to TSA headquarters through PARIS.

[1] PARIS is a TSA database application that tracks information about security incidents at the nation’s airports. In addition to the PARIS reporting, some security incidents in this directive are marked to indicate that they must also be reported immediately by telephone to TSOC.

This AVO contains 28 types of security incidents. Each incident type is defined and has minimal examples to assist in categorizing the incidents. One such category is a breach of security checkpoint. TSA’s AVO 400.50.1-25: Security Breach at Passenger Screening Checkpoint: Revised Guidance contains the definition of what constitutes a security breach, procedures for managing the response to a potential or actual security breach, training for those involved, and coordination with local authorities. This AVO provides the following definitions:

    • Security Breach - when a person enters the sterile area without submitting to all screening and inspection of his or her person and accessible property in accordance with the procedures being applied to control access to the sterile area.
    • Uncontained Security Breach - situation where security personnel and law enforcement are not able to continuously monitor and respond to the uncleared person or item in the sterile area.

FSDs and their staffs must pay particularly close attention to the definitions of the incident type to ensure consistent reporting nationally. Consistent, accurate, and timely reporting on the number and nature of security incidents is important because TSA uses this information in lawsuits, civil enforcement actions, and criminal prosecutions, as well as to disseminate information to other TSA components.
Reporting security incidents also serves to:

    • Alert TSA management to potentially dangerous or high-profile events requiring crisis management or responses to media or congressional inquiries;
    • Allow trend and link analyses of security-related incidents at each airport, within each TSA area and nationwide; and
    • Identify new security threats, problem passengers, suspicious activities, or new ways to artfully conceal prohibited items.

Results of Review

SFO Management Generally Complied With TSA Procedures When Identifying and Reporting Security Incidents

SFO management generally complied with TSA policy and procedures when identifying and reporting security incidents. However, the guidelines and definitions in AVO 400.18.1-1B: Reporting Security Incidents, dated May 12, 2004, are broad in scope and allow FSDs flexibility in categorizing security incidents and the resultant reporting. Also, we determined that only one of the five incidents which OIAPR determined to be a security incident in their investigation was actually a reportable security incident, and should have been reported to TSA headquarters through PARIS.

TSA Incident Identification and Reporting Guidance is Subject to Interpretation

According to AVO 400.18.1-1B, all FSDs or their designees are required to report all security incidents that occur at their airports within 24 hours through PARIS.
Additionally, uncontained security breaches must be reported immediately by telephone to the TSOC.[2] All FSDs or their designees must review and approve PARIS reports before they are submitted. FSDs and their staffs are directed to pay particularly close attention to the definitions of the incident type to ensure consistent reporting nationally.

This AVO identifies 28 types of security incidents. Within each incident type, there is a definition and minimal examples to assist in categorizing the incidents. The definitions of some security incident types are broad and allow for a degree of flexibility by the FSD. However, this broad scope means that TSA management at SFO, or any airport, is unable to be absolute in its determination of the type of security incident represented by the event and how the incident should be reported. For example, Breach of Security Checkpoint is defined as an incident in which an individual breaches a security checkpoint, whether intentionally or inadvertently, without proper screening. Improper or No Screening is defined as incidents involving a screener who fails to screen a passenger or does so improperly.
If a passenger sets off the alarm and the screener does not resolve the alarm, the question becomes which category applies: a Breach of Security Checkpoint based on a passenger inadvertently breaching security without proper screening; or, Improper or No Screening as screener error for failure to resolve the alarm? According to TSA management, this results in a wide disparity in reporting among airports.

[2] The TSOC is TSA’s single point of contact for security-related operations, incidents, or crises in aviation and all land modes of transportation. An uncontained security breach occurs when an individual passes through a security checkpoint without proper screening, whether intentionally or inadvertently, where visual control has been lost.

After OIAPR’s review, which focused in part on the reporting of security incidents at SFO, the SFO Deputy Federal Security Director (DFSD) solicited the opinion of an Aviation Operations subject matter expert at TSA headquarters to confirm interpretation of the AVO. The DFSD found that SFO’s interpretation was in agreement with TSA’s expert opinion regarding the identification and reporting of security breaches to the TSOC. Following this inquiry, the DFSD sent a memorandum to Aviation Operations at TSA headquarters to formally request clarification of the definition and intent of the AVO for reporting security incidents. Aviation Operations management officials stated they would develop a decision matrix of various breach scenarios to assess the risks associated with each of the scenarios and identify appropriate responses.
This matrix will assist FSDs in being able to determine what should and should not be reported as a breach.

Screening and Regulatory Divisions are Tasked with Identifying and Reporting Security Incidents at SFO

AVO 400.18.1-1B also directs FSDs to instruct the appropriate staff members to collect the information required to satisfy the reporting requirement under this AVO, according to the incident type. Since the screening function at SFO was federalized in 2002, the Screening Division has been tasked with responding to and collecting the information surrounding security incidents. However, the various duties associated with preparing the template used to report security incidents in PARIS have fluctuated between the Screening Division and the Regulatory Division. According to TSA management, the responsibility for compiling the information needed to complete the template, which includes categorizing the incident, inherently lies with the Regulatory Division. The Regulatory Division is responsible for all matters concerning enforcement and compliance with security directives pertaining to airport and aviation security. However, when the screening function at SFO became a federal responsibility, the Regulatory Division did not have sufficient staff to handle all of the reporting responsibilities associated with the volume of reportable security incidents. Therefore, the Screening Division was tasked with a major share of these time-consuming responsibilities.

The Regulatory Division has always been responsible for reviewing, approving, and submitting security incident reports to PARIS and the TSOC when applicable.
In August 2004, following an increase in staffing, the preparation of the reporting template, which includes identifying incident types, was shifted to the Regulatory Division.

In June 2005, preparation of the PARIS reporting template on routine prohibited items such as box cutters and knives with blades three inches or longer, was shifted back to the Screening Division at SFO. This occurred when the SFO DFSD became aware, in January 2005, that SFO was not properly reporting in PARIS a portion of the prohibited items confiscated, namely box cutters and knives with blades three inches or longer, as required in the AVO. SFO had been properly reporting these items in the Performance Measurement Information System (PMIS). The number of items confiscated in this category has caused a large increase in staff-hours to report them in PARIS. As a result, SFO shifted this specific incident responsibility to the Screening Division. The remainder of the PARIS reporting responsibilities remains with the Regulatory Division.

One Security Incident in OIAPR’s Sampling Was Not Reported in PARIS

In its initial investigation, OIAPR found that five incidents recorded in CAS Safeskies (an online journal), within a five-month sampling period from June 2004 to October 2004, appeared to meet the definition of a security breach as set forth in AVO 400.50.1-25 and had not been reported in PARIS. However, we determined that only one of these incidents should have been reported to TSA headquarters through PARIS.

Safeskies is an online journal maintained by CAS to document certain events, including security incidents, occurring at SFO. This online journal is maintained by staff in the Screening Control Center (SCC) at SFO to provide CAS corporate management in Illinois access to information regarding events as they occur at SFO.
Safeskies entries cannot be edited, and sometimes contain only initial descriptions of incidents. The entries do not include follow-on measures used in resolving the incident.

TSA management at SFO is responsible for all operational reporting to TSA headquarters. They use their internal system for collecting information at the screening checkpoints on security incidents. Under this system, the FSD and the DFSD are always briefed on significant security incidents. Each Screening and Operations Manager prepares a daily log detailing all important activities, including security incidents, occurring on their shift. The daily logs from each terminal are compiled into a document known as the Daily Incident Report.

These reports are delivered every morning to all TSA senior management and key personnel at SFO for their review. This review provides an opportunity to correct any incident identification errors or notification oversights made by the Screening Division and the Regulatory Division. Since a security screener made the allegations of misreporting in November 2004, implementation of reporting checklists and emphasis on closer reviews has reinforced this internal review process.

We determined that the five security incidents identified by OIAPR in their initial investigation, as recorded in CAS Safeskies but not reported in PARIS, were also recorded in the Screening Division’s Daily Incident Reports. We reviewed the five incidents as detailed in these Daily Incident Reports and determined that four of the five security incidents were not reportable security incidents within the definition provided in AVO 400.18.1-1B. One security incident was an uncontained security breach, as the result of a screener failing to complete secondary screening.
As such, it should have been reported to TSA headquarters through PARIS and to the TSOC.

After reviewing the videotape, at or near the time of the incident, two senior TSA Screening Division management officials and the responding TSA Screening Manager identified this one security incident as an uncontained security breach, and therefore, reportable under the AVO. However, the incident was not reported to TSA headquarters through PARIS or by phone to the TSOC. Screening Division management could not explain why the incident was not reported, but suggested that it may have been an administrative oversight. We did not identify any evidence to suggest that any Screening Division personnel acted to withhold notification of this incident intentionally. However, we determined that, based on the facts surrounding the incident, it should have been reported to TSA headquarters through PARIS and to the TSOC. In addition, as the senior responding official, the Assistant Federal Security Director (AFSD) for Screening had the specific responsibility for ensuring that the incident was reported. The FSD agreed with this determination.

Recommendation 1: We recommend that TSA direct the SFO FSD to ensure that appropriate members of its staff are trained in and have a thorough knowledge of the guidelines for reporting security incidents to TSA headquarters through PARIS and the TSOC.

Management Comments and OIG Analysis

TSA concurred with our recommendation. The FSD at SFO issued a local directive in November 2005 detailing the process for reporting security incidents at SFO, and the training program established to ensure that all staff personnel have a thorough knowledge of reporting requirements through both PARIS and the TSOC.

In addition, a TSA Operations Directive issued in August 2005 provides the requirements for reporting security incidents to the TSOC.
Both directives are provided to all TSA and contractor management personnel during new-hire training.

We have determined that the actions TSA has taken are responsive to our recommendation that SFO staff be trained in, and have a thorough knowledge of, the guidelines for reporting security incidents to TSA headquarters through both PARIS and the TSOC. Therefore this recommendation is resolved and closed.

Covert Security Testing at SFO Was Compromised

Under the direction of TSA and CAS management at SFO, SCC personnel compromised OIG and OIAPR covert security testing between August 2003 and May 2004 by tracking testers throughout the airport via surveillance cameras and on foot. Then they notified screening personnel in advance when a tester was approaching a checkpoint and provided their descriptions. Broadcasting descriptions and locations of testers to screening checkpoints impedes the testing and distorts the results of OIG audits. As a result, the need for changes in policies, additional training of screeners, and additional staffing as well as equipment inadequacies may not be revealed. At the end of our fieldwork, TSA had not published guidance to regulate how TSA airport management and screening personnel should respond to authorized covert security testing of any airport screening procedures or facilities. We referred the matter of TSA’s SFO management involvement in compromising covert security testing to our Office of Investigation.
A chronology of events, including covert security testing dates, occurring at SFO is provided as Appendix C.

During the period August 2003 to January 2005, TSA and CAS officials at SFO notified CAS personnel in the SCC of the start of covert security testing and directed them to notify checkpoint-screening supervisors that covert security testing was beginning. The DFSD established this practice after local news media personnel conducted unauthorized security tests at SFO’s passenger screening checkpoints on February 26, 2003. The news media conducted these tests following a serious breach at SFO, which occurred February 6, 2003, and resulted in the evacuation of SFO’s largest terminal. This affected more than 40 scheduled flights at an estimated cost of $800,000.

According to TSA SFO management, they wanted the SCC to exercise command and control over the checkpoints to provide immediate reaction and communication for breach control. Therefore, management directed that the cameras be trained on testers. In this process, TSA SFO management encouraged SCC controllers to use the cameras in such a way as to allow them to maintain visual contact from one surveillance area to the next. For example, tracking of a subject is accomplished by switching from camera to camera by typing in the number of the camera in the next area.
The SCC controllers must know the cameras by number and which areas they control to track a subject quickly.

When necessary, they are able to pull a videotape of an incident and have it ready for viewing by TSA SFO management within approximately two minutes.

In addition to tracking testers by CCTV, the SCC broadcasted descriptions and locations of testers to the checkpoints to assist the supervisors in identifying testers and to facilitate passing the covert penetration tests. The ability to broadcast this information was made possible by the extensive CCTV network available in the SCC at SFO.

SFO TSA management stated that they did not instruct CAS personnel to broadcast descriptions of testers, test methodologies, or locations of testers to the checkpoints. They stated that if this was done, it was the sole work of CAS employees, without any input from SFO TSA management. However, CAS officials and personnel provided evidence that the verbal directives to broadcast descriptions and locations of testers came from a member of SFO TSA management.

The advance notification regarding locations and descriptions of covert security testers continued until May 2004, when a CAS employee in the SCC refused to provide the descriptions and locations of testers and urged CAS management to intervene. CAS management then directed its personnel to cease all such compromising activity immediately. Senior CAS officials also secured TSA management’s agreement to ensure that all compromising activity by TSA personnel was stopped.

However, notification of checkpoint supervisors of the start of covert security testers continued until January 2005.
After the January 2005 tests by the OIG, the DFSD established a new protocol regarding SFO’s response to covert security testing. Under this new protocol, TSA will inform the SCC when covert security testing is beginning; however, the SCC is prohibited from notifying the checkpoint screening supervisors that covert testing has begun.

Recommendation 2: We recommend that TSA establish policy to clarify TSA airport management and airport screening contractors’ interaction with covert security testers.

Management Comments and OIG Analysis

TSA concurred in part with our recommendation. TSA believes that there is already policy in place to address the improper dissemination of official and sensitive information, which covers covert testing. A Human Resources Management Policy Letter provides the means to hold FSDs and other TSA personnel accountable for disclosing information about covert testing at an airport.

Because of SFO’s unusual nature in having a contractor screening force and a sophisticated camera surveillance system, TSA and the contractor issued directives in May 2004 to stop all activity that could compromise the integrity of covert security testing.
TSA management at SFO issued another protocol
in January 2005 that prohibits any notification to screening checkpoints that
covert testing is being conducted.

We accept TSA’s response to our recommendation and consider the
recommendation resolved and closed.


Appendix A
Purpose, Scope and Methodology

We conducted this review at the request of TSA management, in response to
allegations related to the reporting of security incidents, and actions taken to
compromise OIG covert testing at San Francisco International Airport.

The objectives of the audit were to:

  • Determine how security incidents are identified and reported at SFO and
    whether those procedures are consistent with TSA policy.
  • Determine whether and to what extent covert security testing has been
    compromised at SFO and identify who was involved in these actions.

To accomplish our review, we conducted fieldwork at TSA headquarters in
Arlington, Virginia, and at San Francisco International Airport and their
off-site facilities in Southern San Francisco, California. We reviewed TSA’s
Aviation Operations Directives, Screening Checkpoint Standard Operating
Procedures, and other relevant documentation pertaining to the identification
and reporting of security incidents and the covert security testing process.
We
also received a briefing from the OIAPR investigative team to obtain their
insights and comments regarding the allegations.

To obtain a thorough understanding of security incidents and covert security
testing policies and procedures, we interviewed key TSA officials, including
the Acting Deputy Assistant Secretary; the Assistant Administrator of
Aviation Operations; the Program Executive, Screening Partnership Program;
Program Analyst, Screening Partnership Program; Chief of Staff, Human
Resources; Manager, Screening Outreach Programs, Office of Aviation
Programs; and members of the OIAPR review team. At SFO, we interviewed
the TSA Western Area Director and FSD; Deputy FSD; Director, Western
Area Staff; Assistant FSD, Screening; Deputy Assistant FSD, Screening;
Assistant FSD, Regulatory; Deputy Assistant FSD Regulatory; TSA Security
Engineer; Aviation Security Inspectors; Screening Managers, and other TSA
staff.

At SFO, we also interviewed key CAS officials, including the President;
Executive Vice President; Vice President and General Manager; Vice
President, Human Resources; Director of Operations; Deputy Director of
Operations; Director of Training; Terminal Manager; SCC Supervisors; a
Customer Service Specialist; Checkpoint Screening Supervisors; and other
CAS staff.

We analyzed work papers and other relevant documents transferred from
OIAPR.
We toured and observed various terminals, screening checkpoints,
and the SCC at SFO.

We conducted fieldwork between May 2005 and October 2005 under the
authority of the Inspector General Act of 1978, as amended, and according to
generally accepted government auditing standards. A listing of the major
contributors to this report is included in Appendix C.


Appendix B
Management Comments to the Draft Report


Appendix C
Chronology of Events

The following is a chronology of events related to covert security testing
conducted at SFO by OIG and OIAPR testers.

Nov.
19, 2001            Public Law 107-71 creates TSA and requires a pilot
                    program where the screening of passengers and
                    property will be performed by private screening
                    parties.

Jun. 18, 2002       TSA announces that five airports would be participating in
                    the pilot program.

Oct. 10-11, 2002    TSA awards contracts for the Private Screening Pilot
                    Program. Covenant Aviation Security received
                    contract for airport at San Francisco, CA.

Nov. 19, 2002       Start of pilot program screening for passengers at airports.

Feb. 6, 2003        Security Breach, Terminal 3

Feb. 26, 2003       ABC News Media testing

Mar. 17-18, 2003    OIAPR Testing

Mar.-Apr. 2003      Screening Control Center with CCTV enhanced

Aug. 20-22, 2003    DHS-OIG Testing

Sept. 8-9, 2003     OIAPR Testing

Sept. 22, 25, 2003  OIAPR Testing

May 17-18, 2004     OIAPR Testing

Aug. 30, 2004       OIAPR Testing

Sept. 13, 2004      OIAPR Testing

Nov. 22, 2004       Screener’s letter of allegations received

Nov. 24, 2004       President, CAS, letter to FSD, SFO (regarding ceasing all
                    compromising activity)

Jan. 12-14, 2005    DHS-OIG Testing

Feb.
18, 2005            Screener files Wrongful Firing Lawsuit


Appendix D
Major Contributors to this Report

Alexander Best, Director, Transportation Security Audit Division
James Yeager, Audit Manager
Leigh Johnson-Steele, Auditor-In-Charge
Gary Alvino, Program Analyst


Appendix E
Report Distribution

Department of Homeland Security

Secretary
Deputy Secretary
Chief of Staff
Deputy Chief of Staff
General Counsel
Executive Secretariat
Assistant Secretary for Policy
Assistant Secretary for Legislative and Intergovernmental Affairs
Assistant Secretary for Public Affairs
DHS GAO/OIG Liaison
DHS OIG Liaison, TSA
Chief Privacy Officer

Office of Management and Budget

Chief, Homeland Security Branch
DHS OIG Budget Examiner

Congress

Congressional Oversight and Appropriations Committees, as appropriate


Additional Information and Copies

To obtain additional copies of this report, call the Office of Inspector General (OIG) at
(202) 254-4100, fax your request to (202) 254-4285, or visit the OIG web site
at
www.dhs.gov/oig.

OIG Hotline

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal
or noncriminal misconduct relative to department programs or operations, call the
OIG Hotline at 1-800-323-8603; write to DHS Office of Inspector General/MAIL
STOP 2600, Attention: Office of Investigations - Hotline, 245 Murray Drive, SW,
Building 410, Washington, DC 20528; fax the complaint to (202) 254-4292; or email
DHSOIGHOTLINE@dhs.gov. The OIG seeks to protect the identity of each writer
and caller.